dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Caldera Systems Security Advisory: buffer overflows in ncurses

Oct 13, 2000, 22:06 (0 Talkback[s])

Date: Thu, 12 Oct 2000 12:12:11 -0600
From: Caldera Support Info sup-info@LOCUTUS4.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Upeate: buffer overflows in ncurses


                   Caldera Systems, Inc.  Security Advisory

Subject:                buffer overflows in ncurses
Advisory number:        CSSA-2000-036.0
Issue date:             2000 October, 11
Cross reference:

1. Problem Description

There is a buffer overflow in ncurses which allows local users to exploit setuid / setgid applications that link against ncurses to gain access to their permissions.

Following applications shipped with OpenLinux might be affected by this problem:

   * lpq                (not exploitable)
   * minicom            (potentially exploitable, but is only setgid uucp)
   * mutt_dotlock       (not exploitable)

2. Vulnerable Versions

   System                       Package

 OpenLinux Desktop 2.3        All packages previous to
                                ncurses-4.2-6

OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder ncurses-4.2-6
OpenLinux eDesktop 2.4 All packages previous to ncurses-4.2-6
3. Solution

Workaround:

None known.

The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

f31b8e7d2d35ca8f8003cd580eb4a643 RPMS/ncurses-4.2-6.i386.rpm
16abd61e99c33cb61ae68a8796e81d7f RPMS/ncurses-devel-4.2-6.i386.rpm
02f355cb7e3beb3b9cd132461ab0a857 RPMS/ncurses-devel-static-4.2-6.i386.rpm
64bf29f03acc305756b9abdcfbb76a7f RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
b569d3980e687e6f516510d865158cee RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
72d2512519731ed4e4e66cb3099d8b17 SRPMS/ncurses-4.2-6.src.rpm
4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv ncurses-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

1a7b87dd8146b9529aad5dd6303e248a RPMS/ncurses-4.2-6.i386.rpm
b35e9397d8bd9584aae7482775f64dd2 RPMS/ncurses-devel-4.2-6.i386.rpm
2af93cedddae6f32a2d49ac5182d7f67 RPMS/ncurses-devel-static-4.2-6.i386.rpm
dc654d552c15d9d438270b5019584988 RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
4da3269d769520ff3f64f026a293f028 RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
72d2512519731ed4e4e66cb3099d8b17 SRPMS/ncurses-4.2-6.src.rpm
5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv ncurses-*.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

afd119c5acda89001cea005faacb32f1 RPMS/ncurses-4.2-6.i386.rpm
7eaa20203c718449f43a9e12cc0ce8f7 RPMS/ncurses-devel-4.2-6.i386.rpm
551843505cd6c87948bb695cc034f73c RPMS/ncurses-devel-static-4.2-6.i386.rpm
b40dd2ad2a081c20eb4f8c414c467baa RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
869064fed6dcf2fee13ee518f2dcb236 RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
72d2512519731ed4e4e66cb3099d8b17 SRPMS/ncurses-4.2-6.src.rpm
6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv ncurses-*.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 7948.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

Caldera Systems wishes to thank Jouko Pynnönen and Thomas Dickey for finding and reporting this problem and suggesting fixes.